Many companies and other organizations operate computer networks that interconnect numerous computing systems to support their operations, such as with the computing systems being co-located (e.g., as part of a local network) or instead located in multiple distinct geographical locations (e.g., connected via one or more private or public intermediate networks). For example, data centers housing significant numbers of interconnected computing systems have become commonplace, such as private data centers that are operated by and on behalf of a single organization, and public data centers that are operated by entities as businesses to provide computing resources to customers. Some public data center operators provide network access, power, and secure installation facilities for hardware owned by various customers, while other public data center operators provide “full service” facilities that also include hardware resources made available for use by their customers.
However, as the scale of data centers and compute resources provided by service providers have increased, the task of monitoring and ensuring security becomes increasingly more problematic. The amount of communication connections and data traffic into and out of a service provider's network can be voluminous and, therefore, malfeasors and malicious activity may be difficult to detect. A malfeasor may attempt to perform any of a variety of illicit actions such as scanning for networks, stealing data, corrupting data, etc.